Security Token

Aradiom SolidPass™ is a mobile security token that provides better security than a hardware token by giving you control and choice over authentication requirements at a fraction of the cost. Even more importantly, the mobile token provides more than standard two factor authentication. It really provides 2 factor, 2 channel, and 2 way authentication.

Two Factor Authentication (2FA)

Two Factor Authentication is using a combination of two different ”factors” to gain access or authenticate to say online banking: something you know, such as a password or PIN, and something you have, such as a SolidPass™ loaded mobile phone.

Two Channel

In the case of Aradiom SolidPass™, 2 channel means one channel is the phone which generates the response code. The other channel is where the challenge code comes from and where the response code will be used - for example, the Internet in the case of using Aradiom SolidPass™ to login to online banking.

Two Way Mutual Authentication

2 way authentication, also known as mutual authentication, allows the user to authenticate themselves using the mobile token to the enterprise (bank, network resources, etc), and the enterprise to authenticate itself to its users.

Java ME (J2ME)

Aradiom has chosen Java ME (J2ME) as the language for its SolidPass™ solution in order to benefit from “Mobile Java Security," meaning each program runs in its own restrictive "sandbox." This prevents the program from accessing the files or memory of another program or accessing the hardware of the device in the uncontrolled way. Java is supported on all Symbian handsets as well as most Windows Mobile.

How SolidPass Works

To use Aradiom SolidPass™, the customer opens a small Java application (SolidPass™) on his mobile phone. SolidPass™ is a mobile soft token stored in the applications folder. The application can be provisioned in a number of ways include OTA (Over-the-air), Bluetooth and Wap Push.

Soft Token

SolidPass™ is a software token which uses the mobile phone as the "hard" part of the security token, in effect using the processing power of the mobile phone.

One-Time Password (OTP)

SolidPass™ can be used to generate a unique one-time password (OTP). The password generation with Aradiom SolidPass™ is time based and uses a robust encryption mechanism appropriate for mobile phones. The mobile OTP timeout period is also configurable.

Challenge Response

Once the SolidPass™ authenticating system receives the mobile OTP password, it can respond with a challenge code. The challenge code will always contain previously agreed upon data (the encrypted information exists in the phone application).

Security Question

Additionally, Aradiom SolidPass™ allows the enterprise to add a security question and operation specific data to be embedded in the challenge code and retrieved at the phone application for extra security and insurance.

Transaction Data Signing (TDS)

SolidPass™ supports Transaction Data Signing (TDS). This allows the user to authenticate the transaction with a challenge issued by the enterprise and a response generated by SolidPass™ based on the transaction details. The response that is generated becomes the unique digital signature that when processed allows the transaction to go through. SolidPass™ validates the signature against the transaction data and executes the transaction.

The architecture of Aradiom SolidPass™ protects against Man-in-the-Middle (“MITM”), phishing, pharming and DNS cache poisoning (DCP) attacks. The mobile token also provides the ability to require graded and role based security for different parts of a bank site or network environment, ensuring that more sensitive data has the most security.

Mobile Token Convenience

The key advantage of the mobile token is that there are no new devices or wallet-fillers for customers – just an add-on to the device they already carry everywhere. Since customers already own the “hardware” (the phone), Aradiom SolidPass™ can be provided and managed at a fraction of the cost of a hardware token solution. Thanks to its flexible framework the application can also be updated to guard against new security threats.

Software Token Embedded

Aradiom SolidPass™ is a software token built such that it can be used as a standalone product or embedded in our QuickSuite™ of mobile applications. Here is a list of some of the QuickSuite™ family of mobile applications we can embed SolidPass™ into:

Due to the increase of fake web sites and phishing scams, concerns over the security of internet banking have risen worldwide, requiring banks to use better security for their internet banking channel. 40% of consumers put online banking security among the top three factors when selecting a bank. - Jupiter Research, May 2005

“Identity theft has a significant financial impact on financial institutions and their customers and inhibits many customers from leveraging newer channels. 83% of financial institutions worldwide acknowledged their systems were compromised in the past year; 40% sustained financial losses.” - Deloitte Global Security Survey for Global Financial Institutions, May 2004

By year end 2007, 50-70% of banks worldwide will use an authentication method that's stronger than a simple password and less expensive than a hardware token. (Existing solutions using hard tokens are expensive to administer and frequently do not offer multiple layers of security.) - Gartner, Authentication Tokens Aren't Essential for Online Banking, December 2004